The Urgency of Legal Regulation for Personal Data Protection in Indonesia in the Big Data Era

Authors

  • Suratman Hukom
  • Nurma Humi Universitas Sulawesi Tenggara, Kota Kendari, Sulawesi Tenggara, 93870
  • Ilham Lukman Universitas Negeri Gorontalo, Kota Gorontalo, Gorontalo, 96128

DOI:

https://doi.org/10.51903/hakim.v3i1.2291

Keywords:

Data Security, Data Privacy, Personal Data Protection Law (PDP Law), General Data Protection Regulation (GDPR), Cybercrime

Abstract

The rapid development of big data has significantly increased the risk of personal data breaches in Indonesia, highlighting the need for stricter regulations to safeguard personal information. Although Law No. 27 of 2022 on Personal Data Protection (UU PDP) has been enacted, its implementation still faces several challenges, including weak oversight mechanisms and low corporate compliance. This study aims to analyze the effectiveness of the UU PDP in providing legal protection for personal data in Indonesia and compare it with the General Data Protection Regulation (GDPR) in the European Union. Using a normative legal approach and comparative legal methodology, this research examines Indonesia’s data protection regulations and contrasts them with international standards. Findings indicate that more than 60% of companies in Indonesia have not yet fully complied with the UU PDP, while cases of data breaches have increased significantly. Major incidents include the leakage of 279 million BPJS Kesehatan user records in 2021 and 91 million Tokopedia user records in 2020. Additionally, 75% of Indonesian internet users remain skeptical about the security of their data in digital transactions. Compared to the GDPR, the UU PDP still has weaknesses in terms of enforcement and sanctions. While the GDPR imposes fines of up to 4% of a company’s global revenue for violations, the UU PDP still imposes relatively low penalties. This study contributes to policy recommendations aimed at strengthening the implementation of the UU PDP, including the establishment of an independent authority responsible for personal data protection and the enhancement of penalties for violators

References

Aisyah, D. N., Mayadewi, C. A., Budiharsana, M., Solikha, D. A., Ali, P. B., Igusti, G., Kozlakidis, Z., & Manikam, L. (2022). Building on Health Security Capacities in Indonesia: Lessons Learned from the Covid-19 Pandemic Responses and Challenges. Zoonoses and Public Health, 69(6), 757–767. https://doi.org/10.1111/zph.12976

Akour, I., Alnazzawi, N., Alshurideh, M., Almaiah, M. A., Al Kurdi, B., Alfaisal, R. M., & Salloum, S. (2022). A Conceptual Model for Investigating the Effect of Privacy Concerns on E-Commerce Adoption: A Study on United Arab Emirates Consumers. Electronics, 11(22), 3648. https://doi.org/10.3390/electronics11223648

Aldboush, H. H. H., & Ferdous, M. (2023). Building Trust in Fintech: An Analysis of Ethical and Privacy Considerations in the Intersection of Big Data, AI, and Customer Trust. International Journal of Financial Studies, 11(3), 90. https://doi.org/10.3390/ijfs11030090

Althea Serafim, K., Pratiwi, B., & Suwardi, S. (2024). Efektivitas Kebijakan Perlindungan Data Pribadi di Indonesia: Analisis Hukum Perdata dengan Pendekatan Studi Kasus. Hakim: Jurnal Ilmu Hukum Dan Sosial, 2(4), 740–756. https://doi.org/10.51903/hakim.v2i4.2157

Aska, M. F., Putra, D. P., & Sinambela, C. J. M. (2024). Strategi Efektif untuk Implementasi Keamanan Siber di Era Digital. Journal of Informatic and Information Security, 5(2), 187–200. https://doi.org/10.31599/fzg80847

Astuti, E., Maman Suherman, A., Setiady, T., Hukum, F., Singaperbangsa Karawang, U., Alamat, I., Ronggo Waluyo, J. H., Timur, T., & Barat, J. (2025). Implikasi Hukum Pidana Penyalahgunaan Data Pribadi Kasus Dharma Pongrekun Pilkada Jakarta Berdasarkan Teori Penegakan Hukum. Hukum Inovatif : Jurnal Ilmu Hukum Sosial Dan Humaniora, 2(1), 81–95. https://doi.org/10.62383/humif.v2i1.997

Atadoga, A., Farayola, O. A., Ayinla, B. S., Amoo, O. O., Abrahams, T. O., & Osasona, F. (2024). A Comparative Review of Data Encryption Methods in the USA and Europe. Computer Science & IT Research Journal, 5(2), 447–460. https://doi.org/10.51594/csitrj.v5i2.815

Cervi, G. V. (2022). Why and How Does the EU Rule Global Digital Policy: An Empirical Analysis of EU Regulatory Influence in Data Protection Laws. Digital Society, 1(2), 1–24. https://doi.org/10.1007/s44206-022-00005-3

Chhetri, T. R., Kurteva, A., Delong, R. J., Hilscher, R., Korte, K., & Fensel, A. (2022). Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent. Sensors, 22(7), 2763. https://doi.org/10.3390/s22072763

Chin, Y. C., & Zhao, J. (2022). Governing Cross-Border Data Flows: International Trade Agreements and Their Limits. Laws, 11(4), 1–22. https://doi.org/10.3390/laws11040063

Dhiman, G., Juneja, S., Mohafez, H., El-Bayoumy, I., Sharma, L. K., Hadizadeh, M., Islam, M. A., Viriyasitavat, W., & Khandaker, M. U. (2022). Federated Learning Approach to Protect Healthcare Data over Big Data Scenario. Sustainability, 14(5), 2500. https://doi.org/10.3390/su14052500

Futri, I., & Naruetharadhol, P. (2025). Open Innovation ’ S Effects on Indonesia ’ S Digital Health Market and Related Societal Issues. Cogent Arts & Humanities, 12(1), 2457819. https://doi.org/10.1080/23311983.2025.2457819

Georgiadis, G., & Poels, G. (2022). Towards a Privacy Impact Assessment Methodology to Support the Requirements of the General Data Protection Regulation in a Big Data Analytics Context: A Systematic Literature Review. Computer Law & Security Review, 44, 105640. https://doi.org/10.1016/j.clsr.2021.105640

Higgins, N., Ferri, D., & Donnellan, K. (2023). Enhancing Access to Digital Culture for Vulnerable Groups: The Role of Public Authorities in Breaking Down Barriers. International Journal for the Semiotics of Law, 36(5), 2087–2114. https://doi.org/10.1007/s11196-022-09959-6

Jakobi, T., von Grafenstein, M., Smieskol, P., & Stevens, G. (2022). A Taxonomy of User-Perceived Privacy Risks to Foster Accountability of Data-Based Services. Journal of Responsible Technology, 10, 100029. https://doi.org/10.1016/j.jrt.2022.100029

Kshetri, N. (2023). China’s Digital Yuan: Motivations of the Chinese Government and Potential Global Effects. Journal of Contemporary China, 32(139), 87–105. https://doi.org/10.1080/10670564.2022.2052441

Li, Y., Wang, R., Li, Y., Zhang, M., & Long, C. (2023). Wind Power Forecasting Considering Data Privacy Protection: A Federated Deep Reinforcement Learning Approach. Applied Energy, 329, 120291. https://doi.org/10.1016/j.apenergy.2022.120291

Li, Z. S., Werner, C., Ernst, N., & Damian, D. (2022). Towards Privacy Compliance: A Design Science Study in a Small Organization. Information and Software Technology, 146, 106868. https://doi.org/10.1016/j.infsof.2022.106868a

Mahmoud, B. Ben, Lehoux, N., Blanchet, P., & Cloutier, C. (2022). Barriers, Strategies, and Best Practices for BIM Adoption in Quebec Prefabrication Small and Medium-Sized Enterprises (SMEs). Buildings, 12(4), 390. https://doi.org/10.3390/buildings12040390

Meissner, K. (2023). How to Sanction International Wrongdoing? The Design of EU Restrictive Measures. Review of International Organizations, 18(1), 61–85. https://doi.org/10.1007/s11558-022-09458-0

Perera, S., Jin, X., Maurushat, A., & Opoku, D. G. J. (2022). Factors Affecting Reputational Damage to Organisations Due to Cyberattacks. Informatics, 9(1), 1–24. https://doi.org/10.3390/informatics9010028

Putra, R. K., Idris, M. F., & Widhiati, G. (2024). Perlindungan Data Pribadi Dalam Era Big Data: Implikasi Hukum Di Indonesia. Jaksa : Jurnal Kajian Ilmu Hukum Dan Politik, 2(4), 31–44. https://doi.org/10.51903/jaksa.v2i4.2260

Shahid, J., Ahmad, R., Kiani, A. K., Ahmad, T., Saeed, S., & Almuhaideb, A. M. (2022). Data Protection and Privacy of the Internet of Healthcare Things (IoHTs). Applied Sciences (Switzerland), 12(4), 1927. https://doi.org/10.3390/app12041927

Wu, R., & Lin, B. (2022). Environmental Regulation and Its Influence on Energy-Environmental Performance: Evidence on the Porter Hypothesis from China’s Iron and Steel Industry. Resources, Conservation and Recycling, 176, 105954. https://doi.org/10.1016/j.resconrec.2021.105954

Yeung, K., & Bygrave, L. A. (2022). Demystifying the Modernized European Data Protection Regime: Cross-Disciplinary Insights from Legal and Regulatory Governance Scholarship. Regulation and Governance, 16(1), 137–155. https://doi.org/10.1111/rego.12401

Zhu, F. B., & Song, Z. (2022). Systematic Regulation of Personal Information Rights in the Era of Big Data. SAGE Open, 12(1), 1–11. https://doi.org/10.1177/21582440211067529

Downloads

Published

2025-02-19

Issue

Vol. 3 No. 1 (2025): HAKIM: Jurnal Ilmu Hukum dan Sosial

Section

Articles

How to Cite

The Urgency of Legal Regulation for Personal Data Protection in Indonesia in the Big Data Era. (2025). Hakim: Jurnal Ilmu Hukum Dan Sosial, 3(1), 974-992. https://doi.org/10.51903/hakim.v3i1.2291